Linux Foundation


Products by Linux Foundation, sorted by most security vulnerabilities since 2018

Yocto: 76 vulnerabilities
Argo Cd: 24 vulnerabilities
Magma: 22 vulnerabilities
Harbor: 21 vulnerabilities
Pytorch: 14 vulnerabilities
Runc: 12 vulnerabilities
Iot Yocto: 12 vulnerabilities
Containerd: 11 vulnerabilities
Backstage: 8 vulnerabilities
Cubefs: 6 vulnerabilities
Spinnaker: 5 vulnerabilities
Nats Server: 4 vulnerabilities
Onnx: 4 vulnerabilities
Dex: 3 vulnerabilities
Vitess: 2 vulnerabilities
Rekor: 2 vulnerabilities
Onos Lib Go: 2 vulnerabilities
Onos Kpimon: 2 vulnerabilities
Fluid: 2 vulnerabilities
Pipecd: 1 vulnerability
Zowe: 1 vulnerability
Docarray: 1 vulnerability
Imgcrypt: 1 vulnerability
Kuadrant: 1 vulnerability
Lima: 1 vulnerability
Dapr: 1 vulnerability

By the Year

In 2025 there have been 48 vulnerabilities in Linux Foundation products, with an average score of 6.6 out of ten. Last year, in 2024, Linux Foundation had 60 security vulnerabilities published. Right now, Linux Foundation is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year's average CVE base score was 0.50 higher.

Year Vulnerabilities Average Score
2025 48 6.62
2024 60 7.12
2023 90 6.70
2022 51 7.22
2021 38 7.14
2020 41 7.14
2019 11 6.98
2018 2 6.55

It may take a day or so for new Linux Foundation vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Linux Foundation Security Vulnerabilities

CVE | Date | Product
CVE-2025-20696 | Aug 04, 2025 | Yocto
Android Device Admin API OOB Write LPE via Physical Access
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
CVE-2025-20693 | Jul 08, 2025 | Yocto
Out-of-Bounds Read in Alps WLAN STA Driver Causing Info Disclosure
In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.
CVE-2025-5150 | May 25, 2025 | Docarray
docarray 0.40.1 Web API prototype pollution via __getitem__
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-32434 | Apr 18, 2025 | Pytorch
PyTorch RCE via torch.load weights_only=True <2.6.0
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVE-2025-3730 | Apr 16, 2025 | Pytorch
PyTorch 2.6.0 ctc_loss Local DoS Vulnerability
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of the file aten/src/ATen/native/LossCTC.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 46fc5d8e360127361211cb237d5f9eef0223e567. It is recommended to apply a patch to fix this issue. The security policy of the project warns to use unknown models which might establish malicious effects.
CVE-2025-20656 | Apr 07, 2025 | Yocto
OOB Write in DA Enables Physical Local Priv Escalation
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
CVE-2025-3136 | Apr 03, 2025 | Pytorch
PyTorch 2.6.0 Mem Corruption via caching_allocator_delete
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-3121 | Apr 02, 2025 | Pytorch
Memory Corruption via torch.jit.jit_module_from_flatbuffer (PyTorch 2.6.0)
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-3001 | Mar 31, 2025 | Pytorch
PyTorch 2.6.0 torch.lstm_cell Local MemCorrupt
A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-2999 | Mar 31, 2025 | Pytorch
PyTorch 2.6.0 Critical Memory Corruption in torch.nn.utils.rnn.unpack_sequence
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-3000 | Mar 31, 2025 | Pytorch
PyTorch 2.6.0 Critical JIT Script Mem. Corruption
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-2998 | Mar 31, 2025 | Pytorch
PyTorch 2.6.0 pad_packed_sequence Memory Corruption
A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-2953 | Mar 30, 2025 | Pytorch
PyTorch 2.6.0 (+cu124) torch.mkldnn_max_pool2d DoS
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The security policy of the project warns to use unknown models which might establish malicious effects.
CVE-2024-53351 | Mar 21, 2025 | Pipecd
Pipecd v0.49 Insecure Permissions Expose Service Account Token
Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges.
CVE-2024-53349 | Mar 21, 2025 | Kuadrant
Kuadrant 0.11.3 Insecure Permissions Leak SA Token
Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secrets component in the k8s cluster.
CVE-2025-20651 | Mar 03, 2025 | Yocto
Local Info Disclosure via OOB Read in 'da' Component
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.
CVE-2025-20650 | Mar 03, 2025 | Yocto
Local Priv Esc via OOB Write in ALPS Driver
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
CVE-2025-20635 | Feb 03, 2025 | Yocto
V6 DA OOB Write: Local Priv Escalation via Physical Access
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.
CVE-2024-20147 | Feb 03, 2025 | Yocto
MediaTek BT FW reachable assertion leads to remote DoS
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.
CVE-2023-37038 | Jan 21, 2025 | Magma
Null pointer deref in Magma MME (<=1.8.0) via S1AP Uplink NAS
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `MME_UE_S1AP_ID` field.
CVE-2024-24423 | Jan 21, 2025 | Magma
Magma <=1.8 Buffer Overflow in decode_esm_message_container (DoS) (fixed 1.9)
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_esm_message_container function at /nas/ies/EsmMessageContainer.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24422 | Jan 21, 2025 | Magma
Magma <=1.8.0 stack overflow in decode_protocol_configuration_options allows DoS
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a stack overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24419 | Jan 21, 2025 | Magma
Magma <=1.8.0 Buffer Overflow in DTFTPP (DoS via crafted NAS packet)
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_traffic_flow_template_packet_filter function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24418 | Jan 21, 2025 | Magma
DoS via buffer overflow in Magma <=1.8.0 PdnAddress.cpp
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_pdn_address function at /nas/ies/PdnAddress.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24417 | Jan 21, 2025 | Magma
Magma <=1.8.0 Buffer Overflow in decode_protocol_configuration_options Causing NAS DoS
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_protocol_configuration_options function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24416 | Jan 21, 2025 | Magma
Magma 1.8 Buffer Overflow in decode_access_point_name_ie (DoS)
The Linux Foundation Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) was discovered to contain a buffer overflow in the decode_access_point_name_ie function at /3gpp/3gpp_24.008_sm_ies.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2023-37037 | Jan 21, 2025 | Magma
Null ptr deref in Magma MME <=1.8 via S1Setup Request
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `S1Setup Request` packet missing an expected `Supported TAs` field.
CVE-2023-37036 | Jan 21, 2025 | Magma
NPE in Magma MME <=1.8 via missing ENB_UE_S1AP_ID in S1AP Uplink
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Uplink NAS Transport` packet missing an expected `ENB_UE_S1AP_ID` field.
CVE-2023-37034 | Jan 21, 2025 | Magma
Magma MME Null Pointer Deref via S1AP missing TAI (1.8)
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `TAI` field.
CVE-2023-37033 | Jan 21, 2025 | Magma
Magma MME Null Pointer Deref. before 1.9 via S1AP Initial UE
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `EUTRAN_CGI` field.
CVE-2023-37032 | Jan 21, 2025 | Magma
Magma MME Stack Buffer Overflow <=1.8.0 via Oversized Emergency List
A Stack-based buffer overflow in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an oversized `Emergency Number List` Information Element.
CVE-2023-37031 | Jan 21, 2025 | Magma
Magma MME Null-Pointer via S1AP eNB Config Transfer (1.8.0)
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `eNB Configuration Transfer` packet missing its required `Target eNB ID` field.
CVE-2023-37030 | Jan 21, 2025 | Magma
Magma MME Null Ptr Deref <=1.8.0 Crash via S1AP Init UE Msg
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Initial UE Message` packet missing an expected `eNB_UE_S1AP_ID` field.
CVE-2023-37029 | Jan 21, 2025 | Magma
Magma <=1.8.0 Assert Crash in MME via Oversized NAS Packet (DoS)
Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) are susceptible to an assertion-based crash when an oversized NAS packet is received. An attacker may leverage this behavior to repeatedly crash the MME via either a compromised base station or via an unauthenticated cellphone within range of a base station managed by the MME, causing a denial of service.
CVE-2023-37028 | Jan 21, 2025 | Magma
Null Ptr Deref in Magma MME (<=1.8.0) via S1AP E-RAB Mod Ind packet
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
CVE-2023-37027 | Jan 21, 2025 | Magma
Null Pointer Deref in Magma MME <=1.8.0 via S1AP E-RAB Modification Indication
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Modification Indication` packet missing an expected `eNB_UE_S1AP_ID` field.
CVE-2023-37026 | Jan 21, 2025 | Magma
Null ptr deref in Magma MME <=1.8 via S1AP E-RAB Response
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `E-RAB Release Response` packet missing an expected `MME_UE_S1AP_ID` field.
CVE-2023-37025 | Jan 21, 2025 | Magma
Null Ptr Deref in Magma MME <=1.8 via missing S1AP ResetType
A Null pointer dereference vulnerability in the Mobile Management Entity (MME) in Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows network-adjacent attackers to crash the MME via an S1AP `Reset` packet missing an expected `ResetType` field.
CVE-2023-37024 | Jan 21, 2025 | Magma
MME Assertion Crash in Magma <=1.8.0 via NAS EN IE
A reachable assertion in the Mobile Management Entity (MME) of Magma versions <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows remote attackers to crash the MME with an unauthenticated cellphone by sending a NAS packet containing an `Emergency Number List` Information Element.
CVE-2024-24420 | Jan 21, 2025 | Magma
DoS via crafted NAS packet in Magma <=1.8.0 decode_linked_ti_ie
A reachable assertion in the decode_linked_ti_ie function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-24421 | Jan 21, 2025 | Magma
Magma <=1.8.0 Type Confusion in nas_message_decode arbitrary code exec
A type confusion in the nas_message_decode function of Magma <= 1.8.0 (fixed in v1.9 commit 08472ba98b8321f802e95f5622fa90fec2dea486) allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted NAS packet.
CVE-2024-20143 | Jan 06, 2025 | Yocto
V6 DA Driver OOB Write Enables Local Priv Escalation
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069.
CVE-2024-20140 | Jan 06, 2025 | Yocto
OOB Write in 'power' Component Enables Local Priv Escalation
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020.
CVE-2024-20152 | Jan 06, 2025 | Yocto
WLAN STA Driver Assertion Failure DoS via Improper Exception Handling
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798.
CVE-2024-20145 | Jan 06, 2025 | Yocto
V6 DA OOB Write Enables Local Priv Escalation
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.
CVE-2024-20146 | Jan 06, 2025 | Yocto
WCNCR WLAN STA Driver OOB Write Remote Code Exec
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
CVE-2024-20144 | Jan 06, 2025 | Yocto
ALPS V6 DA OOB Write for Local Priv Escalation
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.
CVE-2024-20148 | Jan 06, 2025 | Yocto
OOB write in WLAN STA firmware remote code execution
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.
CVE-2022-31670 | Nov 14, 2024 | Harbor
Harbor Tag Retention Policy Access Control Vulnerability
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify tag retention policies configured in other projects.
CVE-2022-31668 | Nov 14, 2024 | Harbor
Harbor P2P Preheat Policy Update Permission Bypass Vulnerability
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).