Known Vulnerabilities for products from Cncf
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Cncf".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-38495 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5... | 9.8 - CRITICAL | 2023-07-27 | 2023-08-03 |
| CVE-2023-37900 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5... | 2.7 - LOW | 2023-07-27 | 2023-08-03 |
| CVE-2023-25151 | opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/cont... | 7.5 - HIGH | 2023-02-08 | 2023-03-14 |
| CVE-2022-41939 | knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers u... | 7.4 - HIGH | 2022-11-19 | 2023-03-14 |
| CVE-2021-27099 | In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path ... | 6.8 - MEDIUM | 2021-03-05 | 2021-03-16 |
| CVE-2021-27098 | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX50... | 8.1 - HIGH | 2021-03-05 | 2021-03-16 |
| CVE-2021-20206 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the p... | 7.2 - HIGH | 2021-03-26 | 2023-11-07 |
| CVE-2020-11576 | Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine ... | 5.3 - MEDIUM | 2020-04-08 | 2022-04-06 |
| CVE-2020-10749 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containe... | 6 - MEDIUM | 2020-06-03 | 2023-11-07 |
| CVE-2020-8664 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret... | 5.3 - MEDIUM | 2020-03-04 | 2021-07-21 |
| CVE-2020-8661 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests. | 7.5 - HIGH | 2020-03-04 | 2022-05-24 |
| CVE-2020-8659 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many smal... | 7.5 - HIGH | 2020-03-04 | 2022-09-30 |
| CVE-2019-9946 | Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration w... | 7.5 - HIGH | 2019-04-02 | 2023-11-07 |
Known software with vulnerabilities from Cncf
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cncf | Argo Continuous Delivery | 1.5.0 |
| Application | Cncf | Cni Network Plugins | 0.1.0 |
| Application | Cncf | Envoy | 1.13.0 |
| Application | Cncf | Harbor | 1.7.0 |
| Application | Cncf | Spire | - |