Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.3

    LOW
    CVE-2020-8578

    Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow an attacker to discover node names via AutoSupport bundles even when the –remove-private-data parameter is set to true.... Read more

    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2020-8577

    SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session.... Read more

    Affected Products : e-series_santricity_os_controller
    • Published: Nov. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8576

    Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data or disclosure of sensitive information.... Read more

    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2020-8575

    Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS).... Read more

    Affected Products : active_iq_unified_manager
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2020-8574

    Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.... Read more

    Affected Products : active_iq_unified_manager
    • Published: Aug. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8573

    The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a documented default account and password that should be changed during the initial node setup. During upgrades to Element 11.8 and 12.0 or the Compute Firmware ... Read more

    Affected Products : hci_h610s_firmware hci_h610s
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8572

    Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information.... Read more

    Affected Products : element_os element_healthtools
    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2020-8571

    StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS).... Read more

    Affected Products : storagegrid
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2020-8570

    Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite a... Read more

    Affected Products : java
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8569

    Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapsh... Read more

    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8568

    Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This include... Read more

    Affected Products : secrets_store_csi_driver
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2020-8567

    Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host fil... Read more

    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8566

    In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects ... Read more

    Affected Products : kubernetes
    • Published: Dec. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8565

    In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.... Read more

    Affected Products : kubernetes
    • Published: Dec. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8564

    In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3,... Read more

    Affected Products : kubernetes
    • Published: Dec. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2020-8563

    In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.... Read more

    Affected Products : kubernetes
    • Published: Dec. 07, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8562

    As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As ... Read more

    Affected Products : kubernetes
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2020-8561

    A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that use... Read more

    Affected Products : kubernetes
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 6.8

    MEDIUM
    CVE-2020-8559

    The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a... Read more

    Affected Products : kubernetes
    • Published: Jul. 22, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2020-8558

    The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's netw... Read more

    Affected Products : kubernetes
    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results