Linux Foundation Linux Foundation

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Linux Foundation product.

RSS Feeds for Linux Foundation security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Linux Foundation products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Linux Foundation Sorted by Most Security Vulnerabilities since 2018

Linux Foundation Yocto74 vulnerabilities

Linux Foundation Argo Cd24 vulnerabilities

Linux Foundation Harbor21 vulnerabilities

Linux Foundation Magma20 vulnerabilities

Linux Foundation Pytorch13 vulnerabilities

Linux Foundation Runc12 vulnerabilities

Linux Foundation Iot Yocto12 vulnerabilities

Linux Foundation Containerd11 vulnerabilities

Linux Foundation Backstage8 vulnerabilities

Linux Foundation Cubefs6 vulnerabilities

Linux Foundation Spinnaker5 vulnerabilities

Linux Foundation Nats Server4 vulnerabilities

Linux Foundation Onnx4 vulnerabilities

Linux Foundation Dex3 vulnerabilities

Linux Foundation Vitess2 vulnerabilities

Linux Foundation Rekor2 vulnerabilities

Linux Foundation Fluid2 vulnerabilities

Linux Foundation Pipecd1 vulnerability

Linux Foundation Zowe1 vulnerability

Linux Foundation Docarray1 vulnerability

Linux Foundation Imgcrypt1 vulnerability

Linux Foundation Dapr1 vulnerability

Linux Foundation Kuadrant1 vulnerability

Linux Foundation Lima1 vulnerability

By the Year

In 2025 there have been 44 vulnerabilities in Linux Foundation with an average score of 6.6 out of ten. Last year, in 2024 Linux Foundation had 53 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Linux Foundation in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.42




Year Vulnerabilities Average Score
2025 44 6.62
2024 53 7.04
2023 90 6.70
2022 51 7.22
2021 38 7.14
2020 41 7.14
2019 11 6.98
2018 2 6.55

It may take a day or so for new Linux Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Security Vulnerabilities

A vulnerability was found in docarray up to 0.40.1

CVE-2025-5150 8.8 - High - May 25, 2025

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Prototype Pollution

PyTorch is a Python package

CVE-2025-32434 9.8 - Critical - April 18, 2025

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

Marshaling, Unmarshaling

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0

CVE-2025-3730 5.5 - Medium - April 16, 2025

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.

Improper Resource Shutdown or Release

In DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20656 - April 07, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

Memory Corruption

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0

CVE-2025-3136 3.3 - Low - April 03, 2025

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Memory Corruption

A vulnerability classified as problematic has been found in PyTorch 2.6.0

CVE-2025-3121 5.5 - Medium - April 02, 2025

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical was found in PyTorch 2.6.0

CVE-2025-3001 5.3 - Medium - March 31, 2025

A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in PyTorch 2.6.0

CVE-2025-2999 5.3 - Medium - March 31, 2025

A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability classified as critical has been found in PyTorch 2.6.0

CVE-2025-3000 5.3 - Medium - March 31, 2025

A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability was found in PyTorch 2.6.0

CVE-2025-2998 5.3 - Medium - March 31, 2025

A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Buffer Overflow

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124

CVE-2025-2953 5.5 - Medium - March 30, 2025

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.

Improper Resource Shutdown or Release

Insecure permissions in pipecd v0.49

CVE-2024-53351 - March 21, 2025

Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.

Insecure permissions in kuadrant v0.11.3

CVE-2024-53349 - March 21, 2025

Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster

In da, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20651 - March 03, 2025

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

In da, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20650 - March 03, 2025

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

Memory Corruption

In V6 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20635 6.6 - Medium - February 03, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.

Memory Corruption

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling

CVE-2024-20147 - February 03, 2025

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp

CVE-2024-24423 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Memory Corruption

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37030 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `eNB_UE_S1AP_ID` field.

NULL Pointer Dereference

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received

CVE-2023-37029 7.5 - High - January 21, 2025

Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.

assertion failure

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37031 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `eNB Configuration Transfer` packet missing its required `Target eNB ID` field.

NULL Pointer Dereference

A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37032 7.5 - High - January 21, 2025

A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element.

Memory Corruption

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37033 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37034 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `TAI` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37036 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37028 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.

NULL Pointer Dereference

Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37027 6.5 - Medium - January 21, 2025

Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37026 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37025 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field.

NULL Pointer Dereference

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37024 7.5 - High - January 21, 2025

A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.

assertion failure

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c

CVE-2024-24422 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Memory Corruption

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c

CVE-2024-24419 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Classic Buffer Overflow

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp

CVE-2024-24418 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Classic Buffer Overflow

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c

CVE-2024-24417 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Out-of-bounds Read

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c

CVE-2024-24416 7.5 - High - January 21, 2025

The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

Classic Buffer Overflow

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37038 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.

NULL Pointer Dereference

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486)

CVE-2023-37037 6.5 - Medium - January 21, 2025

A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field.

NULL Pointer Dereference

In V6 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20145 - January 06, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.

Memory Corruption

In wlan STA driver, there is a possible out of bounds write due to improper input validation

CVE-2024-20146 - January 06, 2025

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.

Memory Corruption

In wlan STA FW, there is a possible out of bounds write due to improper input validation

CVE-2024-20148 - January 06, 2025

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

Memory Corruption

In V6 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20143 - January 06, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069.

Memory Corruption

In power, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20140 - January 06, 2025

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020.

Memory Corruption

In wlan STA driver, there is a possible reachable assertion due to improper exception handling

CVE-2024-20152 - January 06, 2025

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.

assertion failure

In V6 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20144 - January 06, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.

Memory Corruption

Harbor P2P Preheat Execution Logs Permission Bypass Vulnerability

CVE-2022-31671 7.4 - High - November 14, 2024

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.

AuthZ

Harbor: Improper Access Control in Tag Immutability Policy Update

CVE-2022-31669 7.7 - High - November 14, 2024

Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesnt have access to, the attacker could modify tag immutability policies configured in other projects.

AuthZ

Harbor Tag Retention Policy Access Control Vulnerability

CVE-2022-31670 7.7 - High - November 14, 2024

Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesnt have access to, the attacker could modify tag retention policies configured in other projects.

AuthZ

Harbor Robot Account Permission Bypass Vulnerability

CVE-2022-31667 6.4 - Medium - November 14, 2024

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesnt have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesnt have access to, it was possible to revoke the robot account permissions.

AuthZ

Harbor P2P Preheat Policy Update Permission Bypass Vulnerability

CVE-2022-31668 7.7 - High - November 14, 2024

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

AuthZ

MediaTek Da Out-of-Bounds Write Vulnerability

CVE-2024-20104 - November 04, 2024

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.