VYPR
Vendor: Coreos

Products: 4
CVEs: 7
Across products: 7
Status: Private

Recent CVEs (7)
  • CVE-2018-5256 | High | May 18, 2018
    risk 0.49 | cvss 7.5 | epss 0.02

    CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server.…

  • CVE-2024-2905 | Medium | Apr 25, 2024
    risk 0.40 | cvss 6.2 | epss 0.00

    A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive…

  • CVE-2018-9090 | Medium | Sep 24, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    CoreOS Tectonic 1.7.x and 1.8.x before 1.8.7-tectonic.2 deploys the Grafana web application using default credentials (admin/admin) for the administrator account located at grafana-credentials secret. This occurs because CoreOS does not randomize the administrative password to…

  • CVE-2025-54771 | Medium | Nov 18, 2025
    risk 0.32 | cvss 4.9 | epss 0.00

    A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this…

  • CVE-2025-27512 | Low | Mar 17, 2025
    risk 0.07 | cvss | epss 0.00

    Zincati is an auto-update agent for Fedora CoreOS hosts. Zincati ships a polkit rule which allows the `zincati` system user to use the actions `org.projectatomic.rpmostree1.deploy` to deploy updates to the system and `org.projectatomic.rpmostree1.finalize-deployment` to reboot…

  • CVE-2024-45778 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

  • CVE-2025-0689 | Mar 3, 2025
    risk 0.00 | cvss | epss 0.00

    When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the…