| CVE-2026-44283 |
medium |
4.3 |
4.3 |
|
|
|
21d ago |
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ… |
| CVE-2026-33413 |
unknown |
— |
— |
|
|
|
3mo ago |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call … |
| CVE-2026-33343 |
unknown |
— |
— |
|
|
|
3mo ago |
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use n… |
| CVE-2020-15136 |
unknown |
— |
— |
|
|
|
2y ago |
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on e… |
| CVE-2020-15114 |
unknown |
— |
— |
|
|
|
2y ago |
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoin… |
| CVE-2020-15112 |
unknown |
— |
— |
|
|
|
4y ago |
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are b… |
| CVE-2020-15106 |
unknown |
— |
— |
|
|
|
4y ago |
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on … |
| CVE-2018-16886 |
unknown |
— |
— |
|
|
|
4y ago |
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd … |
| CVE-2018-1099 |
unknown |
— |
— |
|
|
|
4y ago |
DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other add… |
