Known Vulnerabilities for products from Cncf
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Cncf".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data), as well as a keyword search, to ensure that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-27099 | In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path ... | 6.8 - MEDIUM | 2021-03-05 | 2021-03-16 |
| CVE-2021-27098 | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX50... | 8.1 - HIGH | 2021-03-05 | 2021-03-16 |
| CVE-2021-20206 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the p... | 7.2 - HIGH | 2021-03-26 | 2023-11-07 |
| CVE-2020-11576 | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine ... | 5.3 - MEDIUM | 2020-04-08 | 2022-04-06 |
| CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containe... | 6 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-8664 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret... | 5.3 - MEDIUM | 2020-03-04 | 2021-07-21 |
| CVE-2020-8661 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. | 7.5 - HIGH | 2020-03-04 | 2022-05-24 |
| CVE-2020-8659 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many smal... | 7.5 - HIGH | 2020-03-04 | 2022-09-30 |
| CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration w... | 7.5 - HIGH | 2019-04-02 | 2023-11-07 |
Known software with vulnerabilities from Cncf
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cncf | Argo Continuous Delivery | 1.5.0 |
| Application | Cncf | Cni Network Plugins | 0.1.0 |
| Application | Cncf | Envoy | 1.13.0 |
| Application | Cncf | Harbor | 1.7.0 |
| Application | Cncf | Spire | - |